• by Steve Smith , Staff Writer @popeyesm, March 11, 2011

It is going to be a busy season on the privacy protection front, so buckle up.  

First, look for a flurry of mainstream news stories next week as a Senate Commerce Committee hearing on the topic kicks off. In advance of the meeting, Senators John Kerry and John McCain are expected to float a legislative proposal for a consumer "privacy bill of rights," the Wall Street Journalis reporting.

According to this plan, Web sites would need to get users' permission before sharing data with third parties, and users would need to have access to what data is being collected and shared.   

The description of the plan is a bit hazy at this point. For instance, what would permission entail, we wonder? Does a user give the site one-time permission to share data with all third parties?  Obviously we would have to see the bill to know better, but according to Julia Angwin's reporting, which seems to be coming from a draft of the bill, the law would cover personal names and addresses as well as unique device identifiers. Less clear as of now is if it would cover common methods of anonymizing users via cookies.

Even more puzzling to me is another piece of the plan that would create a certification program for companies with high privacy standards. In these cases the approved companies would be able to sell data without user permission. I would have to hear a bit more about that one, but a host of questions emerge here over implementation and enforcement over a network as complex as the Internet. Put aside for the moment the issue of whether any government entity should be "certifying" companies to get special dispensation from such rules.  

On the self-regulation front, advertising and sites tagged with the much-discussed Ad Choice icons are starting to appear online, although good luck finding one. A lot of people in the industry email me asking to point one out in the wild. They are pesky and elusive creatures, to be sure. And I can imagine consumers could become confused by the different experiences they get when clicking on Google, Microsoft's and AdChoices icons. For instance, at MSNBC.com's page, I find an AdChoices text link that calls up a Microsoft Advertising page. Atop the page is what looks like the older "Power I" version of the standard icon rather than the triangular version I thought we were all using now. Microsoft lets you opt out of its own network and then pushes you over to the NAI to opt out for more.  

One example of the more standard AdChoices icon can be found reliably at the bottom of Ziff-Davis publications. So navigate to PCMag.com, for instance and at the very bottom of the page under the company's Ziff Davis, Inc. column, click on the AdChoices icon to get a pop-up showing that data is being collected by ZD and Demdex. There is an immediate opt-out option for both on the pop-up -- and the opportunity to click through to explanations of OBA and on to Evidon for further opt-out  options.

Scott Meyer, CEO of Evidon, told me last month that in the first four months of full-bore operation, Evidon had served over 11 billion impressions. Among those who click on the icon (at a .004% rate), about 3% are opting out of one or more provider. "That translates to over 450,000 consumers who have clicked through on icons served by Evidon in four months of production at scale," he tells me.   "Of those, approximately 15,000 have requested opt-outs through our platform, with each consumer making an opt-out decision frequently requesting opt-out from more than one company." 

It will be interesting to see if the growing efforts to legislate privacy ultimately dovetail with industry self-regulation. From these preliminary reports about the Kerry/McCain proposal, one has to wonder how much legislators really want to get involved in the business of policing data collection. 

All of this is coming to the fore just in time to fuel the privacy discussions we have planned for the March 22 OMMA Behavioral conference in New York. In an afternoon pod of content we will have Adam Kasper, EVP, Managing Director of Havas' Media Contacts, kicking us off with an agency-side perspective on whether consumers really do care about their data.

 Following Adam, a panel representing a range of views on the market will reflect on where the self-regulation effort is at the moment and what we have learned from consumers thus far. Among the panelists are Eugenie Barton, Director, Online Internet-Based Advertising Accountability Program of the Better Business Bureau, along with Jim Brock of PrivacyChoice -- both able to report on how consumers are responding to self-regulatory efforts. Then there's Joseph Turow from the  Annenberg School of Communication, one of the leading thinkers on the evolution of media in the digital age, and Sal Tripi, who  runs the compliance program for Publishers Clearinghouse, where he focuses on the issue of marketing practices and brand reputation. And Michelle Prieb of Ball State will be bringing us new research showing a range of consumer attitudes toward their own privacy depending on different circumstances.